RE: Spoofed scans

From: Philip Wagenaar (PB.Wagenaar@Chello.NL)
Date: 01/07/02 

From: "Philip Wagenaar" <PB.Wagenaar@Chello.NL>
To: "'James'" <jamesh@cybermesa.com>, <incidents@securityfocus.com>
Date: Mon, 7 Jan 2002 02:04:57 +0100

Do you mean get the MAC address? If so MAC addresses aren't unique
anymore, and how could you lookup what MAC address belongs to what IP?

Philip Wagenaar

> -----Original Message-----
> From: James [mailto:jamesh@cybermesa.com]
> Sent: maandag 7 januari 2002 1:47
> To: incidents@securityfocus.com
> Subject: Re: Spoofed scans
>
>
> Capture the data link layer and get the hardware address.
> Perhaps this will indicate the true IP.
>
>
> "Ask the plants of the earth and they will teach you." Job 12:8
>
> ----- Original Message -----
> From: "Richard Arends" <richard@unixguru.nl>
> To: <incidents@securityfocus.com>
> Sent: Sunday, January 06, 2002 4:41 AM
> Subject: Spoofed scans
>
>
> > Hello,
> >
> > Last couple of weeks i'm getting more and more spoofed scans on my
> > firewall. All scans are icmp or port 53 (domain). Mostly
> 'they' first
> > send a few icmp packets and then a scan for port 53 trying to do a
> > reverse lookup for my ip.
> >
> > Are there more seeing this type off scans and is there a way to
> > substract the real scanner (ip) from the list ip's ???
> >
> > Greetings,
> >
> > Richard.
> >
> > ----
> > An OS is like swiss cheese, the bigger it is, the more
> holes you get!
> >
> >
> >
> ----------------------------------------------------------------------
> > ----
> --
> > This list is provided by the SecurityFocus ARIS analyzer
> service. For
> > more information on this free incident handling, management and
> > tracking system please see: http://aris.securityfocus.com
> >
> >
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus ARIS analyzer
> service. For more information on this free incident handling,
> management
> and tracking system please see: http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Relevant Pages

  • Re: Spoofed scans
    ... Yea, and MAC addresses could be changed, too. ... this person was on every time the spoofing took place. ... >>> more information on this free incident handling, management and ... For more information on this free incident handling, ...
    (Incidents)
  • Re: Macs in the enterprise...
    ... Steve de Mena wrote: ... environment to the Mac in just a few weeks. ... It's scalable to hundreds of thousands of machines, and AitIT could control all their displays at every airport in the world from a single site with SMS, with the benefit of a tiered management server structure. ...
    (comp.sys.mac.advocacy)
  • Re: Macs in the enterprise...
    ... Steve de Mena wrote: ... 'AirIT ported its Flight Information Display System from a PC ... environment to the Mac in just a few weeks. ... with the benefit of a tiered management server structure. ...
    (comp.sys.mac.advocacy)
  • Re: Mac marketshare has increased under Jobs!!!!
    ... under very bad management Apple built up an inventory of $1 Billion in Performa Macintosh machines that no one wanted. ... Meanwhile the Mac machines themselves had never been faster and still retained a 2:1 speed advantage over contemporary Intel/AMD PC machines thanks to the PowerPC true-RISC chips. ... But when the iMac became a hit, and as Mac OS X matured, the market share drop stopped dead and even inched up again. ...
    (comp.sys.mac.advocacy)
  • Re: Mac marketshare has increased under Jobs!!!!
    ... under very bad management Apple built up an inventory ... Meanwhile Windows 95 came out and had a few things that Mac OS ... With continued low public expectations came lowering market share. ...
    (comp.sys.mac.advocacy)